Re: [tor-dev] [::]/8 is marked as private network, why?

2016-04-03 Thread grarpamp
On 3/29/16, Tim Wilson-Brown - teor wrote:
> /** Private networks.  This list is used in two places, once to expand the

> So I think we should keep [::]/8 in the list of private addresses.

> That said, the list of IPv4 and IPv6 private addresses in tor is incomplete,

> https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
> https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml

I'd only bother with what's in these two lists, primarily the Global False.
Otherwise you end up determining and maintaining your own "bogon"
style lists, which was not really the original intent of tracking the IETF-provided
RFC 1918 style "private" address space list. Thus I'd remove it.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


Re: [tor-dev] [::]/8 is marked as private network, why?

2016-03-29 Thread Tim Wilson-Brown - teor

> On 29 Mar 2016, at 23:49, Tom Ritter wrote:
> 
> On 29 March 2016 at 02:29, Sebastian Hahn wrote:
>> I've been wondering about the private_nets const in src/or/policies. It
>> was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
>> remember why, and I'm hoping someone has an idea (maybe teor, who I've
>> CCed here, who documented this in a later commit?). If nobody knows why
>> we do this I think we should remove it as likely incorrect.
> 
> ::/8 is Reserved by the IETF, it is (a superset of) the deprecated
> space for "IPv4 Compatible IPv6 Addresses".  The addresses are not to
> be reassigned for any other purposes.
> 
> Authoritative source:
> http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
> 
> I'm not necessarily sure what private networks are all used for in
> Tor, but maybe this explains it and makes sense?

/** Private networks.  This list is used in two places, once to expand the
 *  "private" keyword when parsing our own exit policy, secondly to ignore
 *  just such networks when building exit policy summaries.  It is important
 *  that all authorities agree on that list when creating summaries, so don't
 *  just change this without a proper migration plan and a proposal and stuff.
 */

So I think we should keep [::]/8 in the list of private addresses.

That said, the list of IPv4 and IPv6 private addresses in tor is incomplete, 
and could be updated based on [0] [1] for IPv6, and [2] for IPv4 ([3] seems to 
have too much information to be useful).

If we want to update it, we should consider:
* private_nets
* tor_addr_is_internal
* (any other checks?)

We would need to write a proposal - at the very least, it would need a new 
consensus method, and some discussion of what happens when clients and exits 
disagree on the definition of what's private and what's not.

I don't think it's something I'll have time for, but if anyone else wants to 
guide us through the process, I'd be happy to support it and review code.

Tim

[0]: https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
[1]: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
[2]: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
[3]: https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
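
An added illustration (not part of the thread and not tor's code) of two points from the message above: how a "private" keyword expands from a network list, and which addresses two parties classify differently when one of them drops [::]/8. The network lists, probe addresses and function names are constructed for this example; only [::]/8 is taken from the thread.

```python
import ipaddress

# Constructed lists for illustration; NOT the contents of tor's private_nets.
# Only "[::]/8" comes from the thread. B is A with [::]/8 removed.
LIST_A = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "[::]/8", "[fc00::]/7"]
LIST_B = [n for n in LIST_A if n != "[::]/8"]

# Constructed probe addresses (documentation ranges where possible).
PROBES = ["10.1.2.3", "8.8.8.8", "::1", "::ffff:192.0.2.1",
          "64:ff9b::c000:201", "fd00::1", "2001:db8::1"]


def parse_net(text):
    """Parse a network written in the bracketed style used in the thread."""
    return ipaddress.ip_network(text.replace("[", "").replace("]", ""))


def expand_private(rule, private_nets):
    """Expand 'accept|reject private:PORT' into one rule per listed network."""
    action, target = rule.split()
    host, port = target.rsplit(":", 1)
    if host != "private":
        return [rule]  # nothing to expand
    return [f"{action} {net}:{port}" for net in private_nets]


def is_private(addr, private_nets):
    """True if addr falls inside any network of the given list."""
    ip = ipaddress.ip_address(addr)
    nets = (parse_net(n) for n in private_nets)
    return any(ip.version == n.version and ip in n for n in nets)


def disagreements(list_a, list_b, probes):
    """Addresses that the two lists classify differently."""
    return [p for p in probes
            if is_private(p, list_a) != is_private(p, list_b)]


if __name__ == "__main__":
    for line in expand_private("reject private:*", LIST_A):
        print(line)
    # Every address whose first 8 bits are zero changes class when [::]/8 is
    # dropped: loopback, IPv4-mapped and 64:ff9b::/96 addresses among them.
    print(disagreements(LIST_A, LIST_B, PROBES))
```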





Re: [tor-dev] [::]/8 is marked as private network, why?

2016-03-29 Thread Tom Ritter
On 29 March 2016 at 02:29, Sebastian Hahn wrote:
> I've been wondering about the private_nets const in src/or/policies. It
> was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
> remember why, and I'm hoping someone has an idea (maybe teor, who I've
> CCed here, who documented this in a later commit?). If nobody knows why
> we do this I think we should remove it as likely incorrect.

::/8 is Reserved by the IETF, it is (a superset of) the deprecated
space for "IPv4 Compatible IPv6 Addresses".  The addresses are not to
be reassigned for any other purposes.

Authoritative source:
http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

I'm not necessarily sure what private networks are all used for in
Tor, but maybe this explains it and makes sense?

-tom